Using IPv6 and ULA for greater resilience

Using IPv6 and ULA for greater resilience

Daniel Pocock-4

For a home network or a small office, what is the best practice for
using ULA in parallel with the prefix from an ISP?

Consider the following:

- router (OpenWRT or Debian) receives prefix delegation from ISP and
shares it, and also a ULA prefix, over the LAN with DHCPv6

- there is a small server or NAS running Debian on the LAN

- the router is also the local DNS and it is synchronized with the
DHCPv6 leases (e.g. the default OpenWRT odhcpd/dnsmasq setup)

- the aim is that if either the router or server stop working,
everything else (e.g. local DNS, communication between other local
machines) keeps working using the ULA prefix.  Example: if the router
stops working, the local workstations need to be able to resolve the
hostname of the server and contact it using the ULA addresses.


Looking around online, I've found various suggestions but nothing that
appears to be a complete and concise solution.  For example, one blog
suggested using two ULA prefixes, one for devices with static addresses
(the server) and another for devices with dynamic addresses (e.g.
workstations, laptops).  It appeared a bit overcomplicated and didn't
cover the DNS.

An easy solution might involve putting static addresses on everything
and putting the server's ULA address in every hosts file but it would be
nice to find a solution that is entirely dynamic with only the router
and server having any static configuration entries.

Which solution would be suggested for synchronizing the DHCPv6 leases
and DNS entries between both router and server?  OpenWRT ships odhcpd
and dnsmasq, Debian has the ISC equivalents as well.  Which solutions
are people using?

Regards,

Daniel




Re: Using IPv6 and ULA for greater resilience

Henri Wahl
With dhcpy6d you can hand out multiple addresses to your clients -
static ULAs and random GUAs for example. DNS synchronisation works well
with ISC Bind.

See https://dhcpy6d.ifw-dresden.de for details.

Regards


--
Henri Wahl

IT Department
Leibniz-Institut fuer Festkoerper- u.
Werkstoffforschung Dresden

tel: +49 (3 51) 46 59 - 797
email: [hidden email]
https://www.ifw-dresden.de

Nagios status monitor Nagstamon: https://nagstamon.ifw-dresden.de

DHCPv6 server dhcpy6d: https://dhcpy6d.ifw-dresden.de

S/MIME: https://nagstamon.ifw-dresden.de/pubkeys/smime.pem
PGP: https://nagstamon.ifw-dresden.de/pubkeys/pgp.asc

IFW Dresden e.V., Helmholtzstrasse 20, D-01069 Dresden
VR Dresden Nr. 1369
Vorstand: Prof. Dr. Manfred Hennecke, Dr. Doreen Kirmse



Re: Using IPv6 and ULA for greater resilience

Dan Ritter-4
In reply to this post by Daniel Pocock-4
On Sat, May 13, 2017 at 09:34:28AM +0200, Daniel Pocock wrote:
>
> - the aim is that if either the router or server stop working,
> everything else (e.g. local DNS, communication between other local
> machines) keeps working using the ULA prefix.  Example: if the router
> stops working, the local workstations need to be able to resolve the
> hostname of the server and contact it using the ULA addresses.

To a first approximation, it sounds like what you really want
is multicast DNS, aka ZeroConf.

Or, in another direction, perhaps you want a failover DHCP and
DNS setup.

(And you can do both if you feel like it.)

If you do mDNS, every host will need to support it in order to
be reachable. They each act as a tiny DNS server, listening to
the multicast address in order to supply their own records (A,
AAAA, CNAME, whatever) and querying the multicast address for
either service discovery of a DNS server or the answer for their
request.

Failover DHCP is relatively easy, although less resilient
because you only need to disable all the participants to stop
your address assignment. Redundant DNS servers are nearly
trivial.

At home, I run failover DHCP and redundant DNS with my router
and my main server as the participants, both being Debian boxes.
I'm looking into mDNS, but only half-heartedly.

-dsr-


Re: Using IPv6 and ULA for greater resilience

Michael Richardson-5
In reply to this post by Daniel Pocock-4

Daniel Pocock <[hidden email]> wrote:
    > For a home network or a small office, what is the best practice for
    > using ULA in parallel with the prefix from an ISP?

    > Consider the following:

    > - router (OpenWRT or Debian) receives prefix delegation from ISP and
    > shares it, and also a ULA prefix, over the LAN with DHCPv6

    > - there is a small server or NAS running Debian on the LAN

So, this is all outlined in RFC7084 (replacing RFC6204), and post-CC
OpenWRT/LEDE do a very good job of doing exactly what you describe.

Also, the HOMENET WG has done work to make this work when you have multiple
uplinks, and multiple routers within the "home", and do this in a zerotouch
way.

There are many opportunities to contribute to this effort.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     [hidden email]  http://www.sandelman.ca/        |   ruby on rails    [



Re: Using IPv6 and ULA for greater resilience

Daniel Pocock-4


On 14/05/17 23:07, Michael Richardson wrote:

>
> Daniel Pocock <[hidden email]> wrote:
>> For a home network or a small office, what is the best practice
>> for using ULA in parallel with the prefix from an ISP?
>
>> Consider the following:
>
>> - router (OpenWRT or Debian) receives prefix delegation from ISP
>> and shares it, and also a ULA prefix, over the LAN with DHCPv6
>
>> - there is a small server or NAS running Debian on the LAN
>
> So, this is all outlined in RFC7084 (replacing RFC6204), and
> post-CC OpenWRT/LEDE do a very good job of doing exactly what you
> describe.
>
> Also, the HOMENET WG has done work to make this work when you have
> multiple uplinks, and multiple routers within the "home", and do
> this in a zerotouch way.
>
> There are many opportunities to contribute to this effort.



Is there any practical guide explaining what needs to be configured in
Debian to work with this if the router runs OpenWRT and the server is
Debian?

Regards,

Daniel


Re: Using IPv6 and ULA for greater resilience

Matthew Hall-12
I just made a similar setup this week.

In my case I just used a router / firewall with NAT66 support.

I generated the ULA using one of the online ULA generators.

Then configured the firewall in NAT4 and NAT6. You can assign static addresses in the ULA subnet for the key hosts and let the more transient hosts just use the DHCPv4 and DHCPv6 or SLAAC.

Setup is working great so far for me.

Matthew Hall

> On Jun 22, 2017, at 8:00 AM, Daniel Pocock <[hidden email]> wrote:
>
> Is there any practical guide explaining what needs to be configured in
> Debian to work with this if the router runs OpenWRT and the server is
> Debian?
>
> Regards,
>
> Daniel
>
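
Added example, not part of any poster's message: the ULA prefix mentioned above can be generated locally instead of with an online generator, using the sample algorithm in RFC 4193 section 3.2.2. The function names and the sample addresses are this example's own; it also carves a /64 for the LAN and classifies a host's addresses so you can see which ones keep working without the ISP prefix.

```python
import hashlib
import ipaddress
import struct
import time
import uuid

NTP_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01

def eui64_from_mac(mac48: int) -> bytes:
    """Modified EUI-64: insert ff:fe in the middle, flip the universal/local bit."""
    b = mac48.to_bytes(6, "big")
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]

def ula_prefix(unix_time: float, mac48: int) -> ipaddress.IPv6Network:
    """RFC 4193 sec. 3.2.2: SHA-1 over NTP time || EUI-64, low 40 bits = Global ID."""
    secs = (int(unix_time) + NTP_OFFSET) & 0xFFFFFFFF
    frac = int((unix_time % 1) * 2**32)
    key = struct.pack(">II", secs, frac) + eui64_from_mac(mac48)
    global_id = hashlib.sha1(key).digest()[-5:]
    # fd = fc00::/7 with the L bit set (locally assigned), then the Global ID
    prefix = b"\xfd" + global_id + bytes(10)
    return ipaddress.IPv6Network((int.from_bytes(prefix, "big"), 48))

def lan_subnet(site: ipaddress.IPv6Network, subnet_id: int) -> ipaddress.IPv6Network:
    """Pick one /64 out of the /48 by its 16-bit Subnet ID."""
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("Subnet ID must fit in 16 bits")
    return ipaddress.IPv6Network((int(site.network_address) | subnet_id << 64, 64))

def classify(addr: str) -> str:
    """Tell which of a host's addresses survive loss of the ISP prefix."""
    ip = ipaddress.IPv6Address(addr)
    if ip in ipaddress.IPv6Network("fe80::/10"):
        return "link-local"
    if ip in ipaddress.IPv6Network("fc00::/7"):
        return "ULA"
    if ip in ipaddress.IPv6Network("2000::/3"):
        return "GUA"
    return "other"

if __name__ == "__main__":
    site = ula_prefix(time.time(), uuid.getnode())
    print("site prefix:", site, "first LAN:", lan_subnet(site, 1))
    # Constructed sample addresses, as a dual-prefix host might hold
    for a in ("fd12:3456:789a:1::10", "2001:db8:1:1::10", "fe80::1"):
        print(a, classify(a))
```

Generate the prefix once and keep it in the router's static configuration; regenerating it would renumber every ULA address on the LAN.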